ARN – AWS Documentation Excerpts

Here are some example ARNs:

<!– AWS Elastic Beanstalk application version –>

arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment

<!– IAM user name –>

arn:aws:iam::123456789012:David

<!– Amazon RDS tag –>

arn:aws:rds:eu-west-1:001234567890:db:mysql-db

<!– Amazon S3 bucket (and all objects in it)–>

arn:aws:s3:::my_corporate_bucket/*

The following are the general formats for ARNs; the specific components and values used depend on the AWS service.

arn:aws:service:region:account:resource
arn:aws:service:region:account:resourcetype/resource
arn:aws:service:region:account:resourcetype:resource

ARN Examples for EC2
Amazon Elastic Compute Cloud (Amazon EC2)
Syntax:

 arn:aws:ec2:region:account:instance/instance-id
arn:aws:iam::account:instance-profile/instance-profile-name
arn:aws:ec2:region:account:placement-group/placement-group-name
arn:aws:ec2:region::snapshot/snapshot-id
arn:aws:ec2:region:account:volume/volume-id

Examples:

 arn:aws:ec2:us-east-1:123456789012:instance/*
arn:aws:ec2:us-east-1:123456789012:volume/*
arn:aws:ec2:us-east-1:123456789012:volume/vol-1a2b3c4d

ARN Examples of RDS
ARNs are used in Amazon RDS only with tags for DB instances. For more information, see Tagging a DB Instance in the Amazon Relational Database Service User Guide.
Syntax:

 arn:aws:service:region:account:database:databasename
arn:aws:service:region:account:snapshot:snapshotname

Examples:

 arn:aws:rds:eu-west-1:123456789012:db:mysql-db
arn:aws:rds:us-east-1:123456789012:snapshot:my-snapshot2

ARN Examples of Route53

Amazon Route 53
Syntax:

 arn:aws:route53:::hostedzone/zoneid
arn:aws:route53:::change/changeid

Note that Amazon Route 53 does not require an account number or region in ARNs.
Examples:

 arn:aws:route53:::hostedzone/Z148QEXAMPLE8V
arn:aws:route53:::change/C2RDJ5EXAMPLE2
arn:aws:route53:::change/*

ARN Examples of Amazon S3
Syntax:

 arn:aws:s3:::bucketname
arn:aws:s3:::bucketname/objectpath

Note that Amazon S3 does not require an account number or region in ARNs.
Examples:

 arn:aws:s3:::my_corporate_bucket
arn:aws:s3:::my_corporate_bucket/*
arn:aws:s3:::my_corporate_bucket/Development/*

AWS Service Namespaces

When you create AWS IAM policies or work with Amazon Resource Names (ARNs), you identify an AWS service using a namespace. For example, the namespace for Amazon S3 is s3, and the namespace for Amazon EC2 is ec2. You use namespaces when identifying actions and resources.

The following example shows an IAM policy where the value of the Action elements and the values in the Resource and Condition elements use namespaces to identify the services for the actions and resources.

{
"Statement":[{
"Effect":"Allow",
"Action":"iam:*",
"Resource":["arn:aws:iam::123456789012:group/marketing/*",
"arn:aws:iam::123456789012:user/marketing/*"]
},
{
"Effect":"Allow",
"Action":"s3:*",
"Resource":"arn:aws:s3:::example_bucket/marketing/*"
},
{
"Effect":"Allow",
"Action":"s3:ListBucket*",
"Resource":"arn:aws:s3:::example_bucket",
"Condition":{
"StringLike":{
"s3:prefix":"marketing/*"
}
}
}
]
}

The following lists the AWS service namespaces.

 

 

Service Namespace
Auto Scaling autoscaling
AWS Account Billing aws-portal
AWS CloudFormation cloudformation
Amazon CloudFront cloudfront
CloudWatch cloudwatch
Amazon DynamoDB dynamodb
Amazon EC2 ec2
AWS Elastic Beanstalk elasticbeanstalk
Elastic Load Balancing elasticloadbalancing
Amazon Elastic MapReduce elasticmapreduce
Amazon ElastiCache elasticache
Amazon Glacier glacier
IAM iam
AWS Marketplace aws-marketplace
AWS OpsWorks opsworks
Amazon RDS rds
Amazon Route 53 route53
Amazon S3 s3
Amazon SES ses
Amazon SimpleDB sdb
Amazon SNS sns
Amazon SQS sqs
Amazon SWF swf
AWS Storage Gateway storagegateway
AWS STS sts
AWS Support support
Amazon VPC ec2
Advertisements

4 thoughts on “ARN – AWS Documentation Excerpts

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s